Changing the domain name of the company's AD server

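  • Question

  • Hello, for business reasons the company now needs to change the domain name of its existing AD domain service, while keeping the existing users and policies. I would like to ask whether there are any risks in changing the domain name. Second, the company has several thousand client computers; if the domain server's domain name is changed, will that affect clients logging in normally, obtaining an IP address, and applying the relevant policies? Third, if the name can be changed, does each machine have to be modified manually, one by one?
    July 10, 2013 3:42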

Answer

  • The name of an AD domain can be changed, but you have to proceed carefully, step by step.

    Roughly, the steps are as follows:

    1. Run "rendom /list" to generate a state file named Domainlist.xml.

    2. Edit the state file, changing the <DNSname> and <NetBiosName> fields to the desired values for the new domain name.

    3. Run "rendom /showforest" to show the potential changes; this step does not actually make any changes.

    4. Run "rendom /upload" to upload the rename instructions to the configuration directory partition on the domain controller holding the domain naming operations master role. The instructions are then replicated to all other DC's in the forest. Once replicated to all DC's, the rename instructions are ready to be carried out. You can force replication by running the "repadmin /syncall" command.

    5. Run "rendom /prepare" to verify the readiness of each domain controller in the forest to carry out the rename instructions. This should contact all DC's successfully and return no errors before proceeding.

    6. Run "rendom /execute", this verifies readiness of all DC's, then performs the rename action on each one. There will be a service interruption during this period. Upon completion domain controllers will be rebooted. If an error occurs on a DC during this phase, the entire transaction is rolled back. Any DC's that don't complete successfully after this phase must be demoted and removed from service.

    7. Run "gpfixup" to refresh all intradomain references and links to group policy objects.

    8. Reboot client computers and member servers twice to obtain new domain name. Because the GUID's of the domain remain the same during the rename process, domain membership is not affected. The DNS suffix of the client machines will also be updated assuming the default option of "Change primary DNS suffix when domain membership changes" is enabled.

    9. Run "rendom /clean" to remove references of the old domain name from Active Directory.

    10. Run "rendom /end" to unfreeze the forest configuration and allow further changes. This was frozen during the rendom /upload step.

    I strongly recommend that you thoroughly understand the following material before carrying this out:

    Administering Active Directory Domain Rename

    http://technet.microsoft.com/en-us/library/cc794869.aspx

    July 10, 2013 5:11
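
Step 2 is the only hand-edited step in the procedure above, so the following added PowerShell example (not part of the original answer) rewrites the `<DNSname>` and `<NetBiosName>` fields of a state file and lists every change for review before `rendom /showforest` and `rendom /upload`. The `<Forest>`/`<Domain>`/`<Guid>` layout, the sample domain names and GUIDs, and the helper name `Update-RenameState` are assumptions made for this example.

```powershell
# Constructed sample of Domainlist.xml; GUIDs and domain names are made up.
$sample = @'
<?xml version="1.0"?>
<Forest>
  <Domain>
    <!-- PartitionType:Application -->
    <Guid>11111111-1111-1111-1111-111111111111</Guid>
    <DNSname>DomainDnsZones.corp.old.example</DNSname>
    <NetBiosName></NetBiosName>
  </Domain>
  <Domain>
    <!-- ForestRoot -->
    <Guid>22222222-2222-2222-2222-222222222222</Guid>
    <DNSname>corp.old.example</DNSname>
    <NetBiosName>OLDCORP</NetBiosName>
  </Domain>
</Forest>
'@

function Update-RenameState {   # hypothetical helper name
    param([xml]$State, [string]$OldDns, [string]$NewDns, [string]$NewNetBios)
    # Conservative check: NetBIOS domain names are limited to 15 characters.
    if ($NewNetBios -notmatch '^[A-Za-z0-9-]{1,15}$') { throw "Bad NetBIOS name: $NewNetBios" }
    $changes = foreach ($d in $State.SelectNodes('/Forest/Domain')) {
        $dns = $d.SelectSingleNode('DNSname')
        $nb  = $d.SelectSingleNode('NetBiosName')
        $old = $dns.InnerText
        if ($old -ieq $OldDns) {
            # The domain partition itself gets the new DNS and NetBIOS names.
            $dns.InnerText = $NewDns
            $nb.InnerText  = $NewNetBios
        } elseif ($old -ilike "*.$OldDns") {
            # Entries named under the domain keep their prefix (e.g. DomainDnsZones).
            $dns.InnerText = $old.Substring(0, $old.Length - $OldDns.Length) + $NewDns
        }
        [pscustomobject]@{
            Guid   = $d.SelectSingleNode('Guid').InnerText
            OldDns = $old; NewDns = $dns.InnerText; NetBios = $nb.InnerText
        }
    }
    # A mistyped old name would silently rename nothing; stop instead.
    if (-not ($changes | Where-Object { $_.OldDns -ieq $OldDns })) { throw "No domain named $OldDns in state file" }
    $changes
}

[xml]$state = $sample
Update-RenameState -State $state -OldDns 'corp.old.example' -NewDns 'corp.new.example' -NewNetBios 'NEWCORP' |
    Format-Table -AutoSize
# $state.Save("$PWD\Domainlist.xml") writes the edited file; the <Guid> values are never touched.
```

The table shows one row per partition with its GUID, old name and new name, so an unexpected or missing rename is visible before anything is uploaded to the forest.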

All replies

  • For renaming a domain controller, you can refer to:

    http://bbs.winos.cn/viewthread.php?tid=94285&from=favorites


    On the IT road, you'll never walk alone

    July 10, 2013 4:01
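  • Hello,

    1. There are many risks involved. Renaming an AD domain is a high-risk operation; in the worst case the whole domain stops working.

    2. Following the correct steps avoids the problems you mention. The connectivity problem you mention in particular depends on whether the DNS zone and the DC SRV records were set up properly in the preparation stage.

    3. There is no need to modify the clients one by one; rebooting them twice is enough for the change to be applied automatically.

    4. As an aside, if you have Exchange 2000, Exchange 2007, or Exchange 2010 installed, the rename cannot be done (Exchange 2003 SP1, however, can).

    I strongly recommend that you read this procedure document thoroughly, confirm several times that every step is correct, and make backups before you start.


    Helping while training

    July 10, 2013 4:08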
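  • If Exchange 2010 exists in your environment, you cannot perform the rename operation; you can only carry out this project by way of migration.

    Tech super 500-member group: 66140619. Change as the heart wills! Carry on the past and open up the future! AD + Exchange health checks, annual maintenance, Exchange/enterprise server builds! If you need any of these, please contact raymond.xu@acer.com

    July 10, 2013 6:21
    Moderator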